content/posts/why-i-cant-enable-registrations.md

   1 ---
   2 title: "Why I can't enable registrations"
   3 date: 2022-02-23T16:59:55+03:00
   4 tags: ['rant','gdpr','privacy','site','future']
   5 description: "If you've used any of my services, you have more than likely have had to use it as a guest rather than a registered user. There's one simple reason why I can't allow you to. GDPR... and lack of helping the little guy with it."
   6 type: blog
   7 aliases: ["/why-i-cant-enable-registrations.html"]
   8 draft: false
   9 ---
  10
  11 If you've used any of my services, you have more than likely have had
  12 to use it as a guest rather than a registered user. There's one simple
  13 reason why I can't allow you to. GDPR... and lack of helping the little
  14 guy with it.
  15
  16 ## The case of Matrix
  17 I love [Matrix](https://matrix.org/) - I would love to contribute to the
  18 wider ecosystem of it with my homeserver, but I've always had to shut
  19 down requests of people wanting to register an account in my homeserver
  20 if I do not know them.
  21
  22 The annoyance comes from the fact that Element **[only covers their own asses.](https://matrix.org/legal/privacy-notice)**
  23 I would love to add a privacy notice and easy methods to remove all user
  24 data whatsoever. I would love to open registrations for many services.
  25 However, I wouldn't like to get a GDPR fine for being in violation of the
  26 law. You cannot easily readapt the privacy notice for Synapse and Element.
  27 They're written on a scale of a business - the only templates in repositories
  28 are ones for Element themselves. I have tried rewriting one of their GDPR
  29 and privacy notices to no avail - it's full of legalese jargon that is hard
  30 to read for a normal person.
  31
  32 ## Okay? Matrix has a deactivate button.
  33 That isn't GDPR compliant still. It doesn't fully erase all of your data.
  34 It only wipes your profile data, which can still be retrieved from the
  35 channels that the user was partaken in. Not only that, but you cannot remove
  36 data from other homeservers - this is a huge red flag in data sharing.
  37
  38 ## What about this other service you're hosting?
  39 There is even less of a legal notice put up for those. If you find a reasonable
  40 legal notice anywhere that can be adapted by an individual, not a business,
  41 please let me know.
  42
  43
  44
  45 **TL;DR** - GDPR non-compliance if I would enable. No safety net either by
  46 the bigger projects, only to cover businesses. Smaller projects tend
  47 to not even have any documents in first place.
  48
  49
  50 Thanks for reading
  51 - Cernodile